Re: ALTQ ack prioritization

2003-03-07 Thread Henning Brauer
On Thu, Mar 06, 2003 at 09:09:14PM -0500, Jason Dixon wrote:
> I forgot to mention, I'm running -snapshot from 3/2/03. It doesn't look like what happened to me was caused by any bugs (that Henning has mentioned in the meantime), but I'm curious... were any of those bugs fixed after my snapshot?

Re: ALTQ ack prioritization

2003-03-07 Thread Henning Brauer
On Fri, Mar 07, 2003 at 01:40:31PM +0100, Henning Brauer wrote:
> (pfctl.h ad pfctl_altq.c cheanged too)

need more proofs I cannot type? *sigh*

-- Henning Brauer, BS Web Services, http://bsws.de
Unix is very simple, but it takes a genius to understand the

PF/NAT UDP fragment problem

2003-03-07 Thread Pete Toscano
I hope somebody here can help me with a PF/NAT problem I'm having. I'm moving a machine of ours from OpenBSD 2.9 to 3.2. This was all working with IPF running on the 2.9 install. The machine in question (nat) is working as a front for a DNS(SEC) server. It takes UDP or TCP packets to port 53

RE: intrusion detection

2003-03-07 Thread Adam Getchell
Just wanted to add a word of appreciation for pftop. Since I have a transparent bridge (which I didn't want to give an interface to), I just loaded Can's pftop package via floppy (14K) and it runs nicely. Not only is it great for looking at what people are doing on your network (well, I have 3000

Re: PF/NAT UDP fragment problem

2003-03-07 Thread Daniel Hartmeier
On Fri, Mar 07, 2003 at 11:45:16AM -0500, Pete Toscano wrote:
> Anybody have any ideas? Am I using scrub incorrectly? Should I be using scrub? Is there something else I'm doing wrong? Is there any other potentially useful information I forgot to give?

Your ruleset looks fine, that's exactly

Re: PF/NAT UDP fragment problem

2003-03-07 Thread Daniel Hartmeier
On Fri, Mar 07, 2003 at 03:27:06PM -0500, Pete Toscano wrote:
> That's good to know. Would scrub in all work just as well as scrub in on {$ExtIf, $IntIf} all fragment reassemble?

Yes, 'fragment reassemble' is the default, so both do the same thing (unless you have additional interfaces that you

Re: PF/NAT UDP fragment problem

2003-03-07 Thread Pete Toscano
On Fri, 07 Mar 2003, Daniel Hartmeier wrote:
> Your ruleset looks fine, that's exactly how it should work (rdr on external, nat on internal, scrub on both).

That's good to know. Would scrub in all work just as well as scrub in on {$ExtIf, $IntIf} all fragment reassemble? It must be somehow

Re: Why isn't this port blocked?

2003-03-07 Thread Daniel Hartmeier
On Fri, Mar 07, 2003 at 05:22:23PM -0500, Peter Gorsuch wrote:
> Connections to port 12002 occur between net2 and net3, which should only allow port 42.

Show us the state entry (from pfctl -vvss output) that passes the connection, then the corresponding rule (pfctl -vvsr, for the rule number